Abstract. We report on our formalization of matrix interpretations in Isabelle/HOL. Matrices are required to certify termination proofs and we wish to utilize them for complexity proofs, too. For the latter aim, only basic methods have been integrated so far, and we discuss some upcoming problems which arise when formalizing more complicated results on matrix interpretations, which are based on the Cayley-Hamilton theorem or joint-spectral-radius theory.



1 Introduction



IsaFoR is an Isabelle/HOL [14] Formalization of Rewriting [17]. The initial aim in the development of IsaFoR was the certification of termination proofs of term rewrite systems (TRSs). Here, several important techniques like recursive path orders, polynomial orders, matrix interpretations, and dependency pairs have been formalized in a deep embedding. All these termination techniques are accompanied with executable algorithms which guarantee the correct application of these techniques in some termination proof that should be certified. The corresponding certifier CeTA (Certified Termination Analysis) is obtained by invoking Isabelle's code-generator [6] on these executable algorithms.

In the meantime, most termination techniques that are applied in current termination tools for TRSs can indeed be certified, and IsaFoR was extended towards other interesting rewriting-related topics like confluence, completion, and complexity analysis.

In the sequel, we will report on our formalization of complexity analysis, where we will concentrate on one specific method: matrix interpretations for inferring polynomial complexity bounds. To this end, we will shortly recapitulate some theory on term rewriting and matrix interpretations in Sec. 2. Our formalization of matrix interpretations for termination proofs is presented in Sec. 3. We discuss the extension to complexity proofs in Sec. 4, where we also discuss some open problems.

All formalizations described in this paper are available from the AFP-entry [16] or from the IsaFoR-library (http://cl-informatik.uibk.ac.at/software/ceta).



2 Preliminaries 



We assume familiarity with term rewriting [1]. Still, we recall the most important notions that are used later on. A term $t$ over a set of variables $\mathcal{V}$ and a set of function symbols $\mathcal{F}$ is either a variable $x \in \mathcal{V}$ or an $n$-ary function symbol $f \in \mathcal{F}$ applied to $n$ argument terms $f(t_1, \ldots, t_n)$. We write $|t|$ for the size of a term.

A rewrite rule is a pair of terms $\ell \to r$ and a TRS $\mathcal{R}$ is a set of rewrite rules. The rewrite relation (induced by $\mathcal{R}$) $\to_\mathcal{R}$ is the closure under substitutions and under contexts of $\mathcal{R}$, i.e., $s \to_\mathcal{R} t$ iff there is a context $C$, a rewrite rule $\ell \to r \in \mathcal{R}$, and a substitution $\sigma$ such that $s = C[\ell\sigma]$ and $t = C[r\sigma]$. A TRS $\mathcal{R}$ is terminating, written $\mathsf{SN}(\mathcal{R})$, if there is no infinite derivation $t_1 \to_\mathcal{R} t_2 \to_\mathcal{R} t_3 \to_\mathcal{R} \cdots$.

For a finite and terminating TRS $\mathcal{R}$, its derivational complexity $\mathsf{dc}_\mathcal{R} : \mathbb{N} \to \mathbb{N}$ is defined as $\mathsf{dc}_\mathcal{R}(n) = \max\{k \mid \exists t_1 \ldots t_k.\ |t_1| \leq n \wedge t_1 \to_\mathcal{R} t_2 \to_\mathcal{R} \cdots \to_\mathcal{R} t_k\}$.

One important termination technique is the usage of well-founded monotone algebras. In this approach, it is assumed that there is some algebra $(A, \{f_A\}_{f \in \mathcal{F}})$, where $A$ is the universe and for each function symbol $f$ of arity $n$ we have an interpretation function $f_A : A^n \to A$. Moreover, there is some well-founded order $>$ on $A$ and all interpretation functions have to be monotone w.r.t. $>$ in all their arguments.

Proving termination using well-founded monotone algebras can now be done by demanding for all assignments $\alpha : \mathcal{V} \to A$ and all rules $\ell \to r \in \mathcal{R}$ that $[\ell]_\alpha > [r]_\alpha$. The reason is that then every rewrite step $s = C[\ell\sigma] \to_\mathcal{R} C[r\sigma] = t$ leads to a strict decrease $[s]_\alpha > [t]_\alpha$ w.r.t. the well-founded order. Polynomial orders [2,10] are a well-known instance of well-founded monotone algebras where every $f_A$ is a polynomial, $A = \mathbb{N}$, and $>$ is the standard order on the naturals.

Besides proving termination, well-founded monotone algebras can also be used for complexity analysis. Assume $>$ is the standard order on the naturals. Then for any ground term $t$, its interpretation $[t]$ is a bound on the length of each derivation starting in $t$. Hence, if we can find a bound $b : \mathbb{N} \to \mathbb{N}$ such that $[t] \leq b(|t|)$ for all terms $t$, then $\mathsf{dc}_\mathcal{R}(n) \leq b(n)$ and thus, $b$ is also a bound for the derivational complexity.

Unfortunately, if one considers polynomial orders, then the bound $b$ can be double-exponential and this bound is tight [8]. Even for linear polynomial orders in general one can only infer an exponential bound. Only for a very restricted class of polynomial interpretations (strongly linear interpretations [3]), one achieves a linear complexity bound. So, when using polynomial interpretations we either have to impose severe restrictions to obtain a linear bound, or without this restriction we can only guarantee non-polynomial bounds.

Luckily, it turned out that other well-founded monotone algebras are useful for proving termination [5] and complexity [12]: matrix interpretations. Matrix interpretations are similar to linear polynomial interpretations except that $A$ is the set of $n$-dimensional square matrices over some carrier.¹ To be more precise, every $f_A$ is of the form $f_A(x_1, \ldots, x_n) = M_{f,0} + M_{f,1} x_1 + \ldots + M_{f,n} x_n$ and matrices are compared by demanding a strict decrease in the upper-left entry, and a weak decrease in all remaining entries. To ease presentation we here assume that we have $n$-dimensional matrices of natural numbers, i.e., $A = \mathbb{N}^{n \times n}$.



¹ In [5], the universe consists of vectors, and the linear interpretations take matrices as coefficients. However, in the formalization of [4] and also in our formalization of matrix interpretations it was easier to always use matrices.
Using matrix interpretations, there are at least three approaches to estimate the value of $[t]$ depending on $|t|$. In all these techniques one collects the set of all matrix coefficients $\mathcal{M} = \{M_{f,i} \mid f \in \mathcal{F}, 1 \leq i \leq \text{arity of } f\}$ and it is easy to see that $[t] \leq |t| \cdot c \cdot \max\{N_1 \cdots N_{|t|} \mid N_i \in \mathcal{M}\}$ where $c$ is some constant depending on $\{M_{f,0} \mid f \in \mathcal{F}\}$.

(a) In [12] one approximates $\{N_1 \cdots N_{|t|} \mid N_i \in \mathcal{M}\}$ by $M_{\max}^{|t|}$ where $M_{\max}$ is the pointwise maximum matrix of $\mathcal{M}$. Afterwards, a sufficient criterion to bound the value of $M_{\max}^{|t|}$ is provided: if $M_{\max}$ is upper triangular where all entries on the diagonal are at most 1, then the overall complexity is within $\mathcal{O}(|t|^n)$ where $n$ is the dimension of the matrix. This result is proven using a standard inductive proof.

(b) In [13] the previous result is extended as follows: If all eigenvalues of the characteristic polynomial of $M_{\max}$ are at most 1, then the overall complexity is within $\mathcal{O}(|t|^m)$ where $m$ is the multiplicity of eigenvalue 1. This result is proven via the theorem of Cayley-Hamilton [15].

(c) Even more precise estimations can be gained by using theorems from joint spectral radius theory [9,11] as these do not perform the rough approximation of $\mathcal{M}$ via $M_{\max}$. Unfortunately, the corresponding mathematics is even more complicated than the Cayley-Hamilton theorem.
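The matrix interpretations of Sec. 2 and criterion (a), as an added example in Python rather than Isabelle/HOL; this is not code from the paper or from IsaFoR/CeTA. Matrices are lists of lists over the naturals, constants are $n \times n$ matrices with the usual vector placed in the first column, and the TRS, its interpretation and the monotonicity test (upper-left entry of every coefficient matrix at least 1, the standard sufficient condition) are our own choices.

```python
# Added example (Python, not Isabelle and not code from IsaFoR/CeTA): a matrix interpretation
# of dimension 2 over the naturals, the comparison of Sec. 2, and the triangular criterion (a).
# Terms: a variable is a string, an application is a tuple (symbol, arg_1, ..., arg_k).

def zero(n):
    return [[0] * n for _ in range(n)]

def identity(n):
    return [[int(i == j) for j in range(n)] for i in range(n)]

def mat_add(A, B):
    return [[a + b for a, b in zip(ra, rb)] for ra, rb in zip(A, B)]

def mat_mult(A, B):
    return [[sum(a * b for a, b in zip(row, col)) for col in zip(*B)] for row in A]

def weak_ge(A, B):
    """Weak decrease: every entry of A is at least the corresponding entry of B."""
    return all(a >= b for ra, rb in zip(A, B) for a, b in zip(ra, rb))

def strict_gt(A, B):
    """Order on matrices from Sec. 2: strict decrease in the upper-left entry, weak elsewhere."""
    return A[0][0] > B[0][0] and weak_ge(A, B)

def linear_form(t, interp, n):
    """Symbolic interpretation: [t]_alpha = const + sum_x coeffs[x] * alpha(x).
    interp maps a symbol f to (M_{f,0}, [M_{f,1}, ..., M_{f,k}])."""
    if isinstance(t, str):
        return zero(n), {t: identity(n)}
    m0, ms = interp[t[0]]
    const, coeffs = m0, {}
    for m_i, arg in zip(ms, t[1:]):
        c_i, co_i = linear_form(arg, interp, n)
        const = mat_add(const, mat_mult(m_i, c_i))
        for x, c_x in co_i.items():
            coeffs[x] = mat_add(coeffs.get(x, zero(n)), mat_mult(m_i, c_x))
    return const, coeffs

def interpret_ground(t, interp, n):
    """[t] for a ground term; its upper-left entry bounds the length of derivations from t."""
    const, coeffs = linear_form(t, interp, n)
    assert not coeffs, "term is not ground"
    return const

def monotone(interp):
    """Sufficient condition (assumed here) for monotonicity of every f_A in every argument:
    each coefficient matrix M_{f,i}, i >= 1, has upper-left entry >= 1."""
    return all(m[0][0] >= 1 for _, ms in interp.values() for m in ms)

def orients(rule, interp, n):
    """[l]_alpha > [r]_alpha for all alpha: compare the constants strictly and every variable
    coefficient weakly; sufficient because all entries of alpha(x) are natural numbers."""
    l, r = rule
    c_l, co_l = linear_form(l, interp, n)
    c_r, co_r = linear_form(r, interp, n)
    return strict_gt(c_l, c_r) and all(weak_ge(co_l.get(x, zero(n)), c) for x, c in co_r.items())

def m_max(interp, n):
    """Pointwise maximum of the coefficient matrices M = {M_{f,i} | i >= 1}."""
    coeffs = [m for _, ms in interp.values() for m in ms]
    return [[max(m[i][j] for m in coeffs) for j in range(n)] for i in range(n)]

def triangular_bound(M):
    """Criterion (a): upper triangular with all diagonal entries <= 1 yields O(|t|^n);
    returns the exponent n (the dimension) or None if the criterion does not apply."""
    n = len(M)
    upper = all(M[i][j] == 0 for i in range(n) for j in range(i))
    return n if upper and all(M[i][i] <= 1 for i in range(n)) else None

# Constructed sample: the TRS { f(s(x)) -> s(f(x)) }, in which every f passes every s once.
N_DIM = 2
RULE = (("f", ("s", "x")), ("s", ("f", "x")))
INTERP = {
    "0": (zero(N_DIM), []),                         # 0_A = zero matrix
    "s": ([[0, 0], [1, 0]], [identity(N_DIM)]),     # s_A(x) = M_{s,0} + I x
    "f": (zero(N_DIM), [[[1, 1], [0, 1]]]),         # f_A(x) = M_{f,1} x
}

if __name__ == "__main__":
    t = ("f", ("f", ("s", ("s", ("0",)))))
    print(orients(RULE, INTERP, N_DIM), interpret_ground(t, INTERP, N_DIM)[0][0],
          triangular_bound(m_max(INTERP, N_DIM)))
```

For the ground term $f(f(s(s(0))))$ the upper-left entry of $[t]$ is 4, which is exactly the number of rewrite steps (each of the two $f$ passes each of the two $s$), and $M_{\max} = \begin{pmatrix} 1 & 1 \\ 0 & 1 \end{pmatrix}$ satisfies criterion (a), giving the bound $\mathcal{O}(|t|^2)$ that matches the quadratic derivation lengths of $f^m(s^k(0))$.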

3 Formalizing Matrix Interpretations for Termination 

Recall that the aim of our formalization is to obtain an executable program, CeTA, 
that is able to certify proofs with matrix interpretations of arbitrary dimensions. 
For the formalization of matrices itself, there are several options: 

• If there are dependent types, then the obvious choice is to model matrices in $\mathbb{N}^{n \times n}$ as lists of lists of length $n$. However, we are working in Isabelle/HOL, so this is not an option in our case.

• Alternatively, one can use the idea to model matrices as functions of type $I \to I \to A$ where $I$ is some finite index type and where the cardinality of $I$ corresponds to the dimension [7].

Unfortunately, this trick is not possible in our case, since as far as we see, for code-generation it is necessary to instantiate the index type $I$ above for every dimension that we would require. However, the dimensions of matrices that will be used in the certificates can be arbitrary without any bound on the dimension.

• The representation of Steven Obua uses a type $\mathbb{N} \to \mathbb{N} \to A$ with the restriction that only finitely many entries are non-zero.² Here, we see two problems, namely executability of matrix comparisons and moreover, this representation does not allow one to define a 1-matrix, which would be inconvenient for our purposes.

² See HOL/Matrix-LP/Matrix.thy for details.
• Define matrices just as lists of lists and use predicates as guards to ensure that the dimensions fit.

We formalized several matrix operations using the last approach with guards. Essentially, all our theorems look as follows where $\mathrm{mat}^{m,n}(M)$ is a predicate that ensures that $M$ represents an $m \times n$-matrix, i.e., the outer list is of length $m$ and all inner lists have length $n$.

$\mathrm{mat}^{m,n}(M) \Longrightarrow \mathrm{mat}^{m,n}(N) \Longrightarrow M + N = N + M$ (1)
$\mathrm{mat}^{m,n}(M) \Longrightarrow \mathrm{mat}^{m,n}(N) \Longrightarrow \mathrm{mat}^{m,n}(M + N)$ (2)
$\mathrm{mat}^{m,n}(M) \Longrightarrow \mathrm{mat}^{m,n}(N) \Longrightarrow (M = N) = (\forall i\, j.\ M_{ij} = N_{ij})$ (3)
$\mathrm{mat}^{m,n}(M) \Longrightarrow \mathrm{mat}^{m,n}(N) \Longrightarrow (M + N)_{ij} = M_{ij} + N_{ij}$ (4)

Here, property (1) states that matrix addition is commutative (silently assuming that the addition on the underlying carrier is commutative), but this fact is guarded by the condition that the matrix dimensions of both matrices fit together.

The next kind of property (2) states that matrix addition preserves the dimensions which is required to perform reasoning within contexts, e.g., to prove $(M + N) + K = K + (M + N)$ where we only know the dimensions of matrices $M$, $N$, and $K$.

Property (3) was somehow the key to prove most properties of basic matrix operations: Instead of comparing matrices using their representing type, i.e., the inductive type of lists, we do a pointwise comparison. And then a property like (4) just states that the algorithm for addition (which is defined recursively over lists) is correct w.r.t. the pointwise definition of matrix addition. Afterwards, all properties involving addition use the characterization of (4) instead of the concrete implementation on lists. For example, the proof of (1) becomes trivial using (3), (4), and commutativity of the addition on the carrier, and does not require any induction.
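The guarded representation of this section, as an added Python illustration that is not the IsaFoR matrix library: `mat` is the dimension predicate $\mathrm{mat}^{m,n}$, the addition algorithm works on plain lists, and the checks mirror properties (1) to (4) on concrete matrices. The function names and the sample matrices are ours.

```python
# Added illustration (not code from IsaFoR): matrices as plain lists of lists, with the
# dimension predicate of the paper used as a guard in front of every operation.

def mat(m, n, M):
    """mat^{m,n}(M): the outer list has length m and every inner list has length n."""
    return len(M) == m and all(len(row) == n for row in M)

def mat_add_unguarded(M, N):
    """The list algorithm alone: zip silently truncates when the dimensions disagree."""
    return [[a + b for a, b in zip(ra, rb)] for ra, rb in zip(M, N)]

def mat_add(m, n, M, N):
    """Guarded addition: the premises mat^{m,n}(M) and mat^{m,n}(N) are checked first."""
    if not (mat(m, n, M) and mat(m, n, N)):
        raise ValueError("dimension guard violated")
    return mat_add_unguarded(M, N)

def mat_eq(m, n, M, N):
    """Property (3): under the guards, equality of matrices is pointwise equality."""
    return all(M[i][j] == N[i][j] for i in range(m) for j in range(n))

def dims_of(M):
    """Shape actually produced by a list algorithm: (number of rows, distinct row lengths)."""
    return len(M), sorted({len(row) for row in M})

def check_guarded_laws(m, n, M, N, K):
    """Properties (1), (2) and (4) for concrete M, N, K satisfying mat^{m,n}."""
    S = mat_add(m, n, M, N)
    commutative = mat_eq(m, n, S, mat_add(m, n, N, M))                      # (1)
    preserves_dims = mat(m, n, S)                                           # (2)
    pointwise = all(S[i][j] == M[i][j] + N[i][j]
                    for i in range(m) for j in range(n))                    # (4)
    # reasoning in context relies on (2): (M + N) + K is well-formed only because S is m x n
    in_context = mat_eq(m, n, mat_add(m, n, S, K), mat_add(m, n, K, S))
    return commutative and preserves_dims and pointwise and in_context

def guarded_rejects(m, n, M, N):
    """True when the guarded addition refuses the operands."""
    try:
        mat_add(m, n, M, N)
    except ValueError:
        return True
    return False

# Constructed sample matrices: A, B, C are 2 x 3, D is 3 x 2.
A = [[1, 2, 3], [4, 5, 6]]
B = [[6, 5, 4], [3, 2, 1]]
C = [[0, 1, 0], [1, 0, 1]]
D = [[1, 1], [1, 1], [1, 1]]

if __name__ == "__main__":
    print(check_guarded_laws(2, 3, A, B, C))
    print(dims_of(mat_add_unguarded(A, D)), guarded_rejects(2, 3, A, D))
```

Adding the $2 \times 3$ matrix `A` to the $3 \times 2$ matrix `D` with the unguarded list algorithm silently yields a $2 \times 2$ result, which is why the dimension predicate has to appear as a premise of every law before the law can even be stated.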

Using this representation of matrices, code-generation works without any problems, since all algorithms like matrix-addition, -multiplication, etc. are just algorithms on lists. However, it has one major disadvantage, namely that we cannot use matrices in combination with the standard classes like group or semiring from the Isabelle-distribution since these require equalities like $M + N = N + M$ without the additional guards that we impose. As one example consequence, it is not possible to combine the polynomial library of Clemens Ballarin from the Isabelle-distribution³ with our matrix library.

To this end, we had to develop our own library on linear polynomials which works on guarded operations and requires properties like (1) and (2). It is needless to say that working with these guards is by far more cumbersome than working with the similar unguarded classes from the distribution.

³ In HOL/Algebra/abstract/Ring2.thy one can see the (unguarded) requirements for HOL/Algebra/poly/Polynomial.thy.



4 Formalizing Matrix Interpretations for Complexity

The switch from termination to complexity proofs via matrix interpretations 
poses one additional challenge, namely that of estimating values or growth-rates 
of matrices. 

So far, we formalized the approach of (a) using triangular matrices. Already in this technique, an unexpected challenge has occurred in formalizing that the linear matrix norm is sub-multiplicative, i.e., $\|M \cdot N\| \leq \|M\| \cdot \|N\|$. In the literature we only found proofs for matrices over real or complex numbers which are based on a suprema- or limit-construction. However, in our setting we would like to have this statement for matrices over arbitrary carriers like the naturals, the integers, or the rationals. Therefore, we developed our own proof which works by induction over the shared dimension of $M$ and $N$ and is about 200 lines long (in Isabelle).
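Sub-multiplicativity of the linear norm, and the growth-rate estimation this section opens with, as an added Python example (not the paper's Isabelle proof). The norm is taken to be the sum of all entries, an assumption since the paper does not spell out its definition, and the carriers are restricted to nonnegative values (naturals, nonnegative rationals); the column/row split in `induction_step_identities` is our rendering of an induction over the shared dimension and need not coincide with the paper's 200-line proof.

```python
from fractions import Fraction
from itertools import product

# Added example, not from the paper or IsaFoR. The "linear norm" is taken here to be the sum
# of all entries (an assumption about the paper's definition) over carriers whose values are
# nonnegative, such as the naturals or the nonnegative rationals.

def linear_norm(M):
    return sum(sum(row) for row in M)

def mat_add(A, B):
    return [[a + b for a, b in zip(ra, rb)] for ra, rb in zip(A, B)]

def mat_mult(A, B):
    return [[sum(a * b for a, b in zip(row, col)) for col in zip(*B)] for row in A]

def outer(col, row):
    """Rank-one matrix col * row (col has m entries, row has k entries)."""
    return [[c * r for r in row] for c in col]

def submultiplicative(M, N):
    """The statement to formalize: ||M N|| <= ||M|| ||N||."""
    return linear_norm(mat_mult(M, N)) <= linear_norm(M) * linear_norm(N)

def induction_step_identities(M, N):
    """Identities carrying the induction over the shared dimension d >= 2. With M' = M without
    its last column, c = that column, N' = N without its last row and r = that row:
        M N = M' N' + c r,   ||A + B|| = ||A|| + ||B||,   ||c r|| = ||c|| ||r||,
    hence ||M N|| <= ||M'|| ||N'|| + ||c|| ||r|| <= (||M'|| + ||c||)(||N'|| + ||r||) = ||M|| ||N||."""
    M_rest, col = [row[:-1] for row in M], [row[-1] for row in M]
    N_rest, row = N[:-1], N[-1]
    head, rank_one = mat_mult(M_rest, N_rest), outer(col, row)
    recomposed = mat_add(head, rank_one)
    return (mat_mult(M, N) == recomposed
            and linear_norm(recomposed) == linear_norm(head) + linear_norm(rank_one)
            and linear_norm(rank_one) == sum(col) * sum(row))

def holds_for_all(values, m, d, k):
    """Exhaustive check of sub-multiplicativity for every m x d and d x k matrix over `values`."""
    for flat in product(values, repeat=m * d + d * k):
        M = [list(flat[i * d:(i + 1) * d]) for i in range(m)]
        N = [list(flat[m * d + j * k:m * d + (j + 1) * k]) for j in range(d)]
        if not submultiplicative(M, N):
            return False
    return True

def norm_of_power(M, k):
    """||M^k||: polynomial in k when M is upper triangular with diagonal <= 1 (criterion (a)),
    exponential as soon as a diagonal entry exceeds 1."""
    n = len(M)
    P = [[int(i == j) for j in range(n)] for i in range(n)]
    for _ in range(k):
        P = mat_mult(P, M)
    return linear_norm(P)

# Constructed sample inputs.
NATS = (0, 1, 2)
RATS = (Fraction(0), Fraction(1, 2), Fraction(3, 2))
M_SAMPLE = [[1, 2], [3, 4]]
N_SAMPLE = [[0, 1], [1, 1]]

if __name__ == "__main__":
    print(holds_for_all(NATS, 2, 2, 2), holds_for_all(RATS, 2, 2, 1))
    print(induction_step_identities(M_SAMPLE, N_SAMPLE))
    print(norm_of_power([[1, 1], [0, 1]], 10), norm_of_power([[1, 1], [0, 2]], 10))
```

The exhaustive checks run over all small matrices with entries in the given carrier, while `induction_step_identities` confirms the three identities that let the inductive step go through for any nonnegative carrier without a supremum or limit argument.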

For the future, when extending our work towards the more sophisticated methods of (b) and (c) we would like to minimize the effort in finding new proofs, e.g., for (b) we plan to first formalize the theorem of Cayley-Hamilton and then use it in the same way as it is done in [13]. However, here already in the setup there is one major obstacle: the theorem of Cayley-Hamilton requires non-linear polynomials over matrices, and we are not aware of any Isabelle library on non-linear polynomials that is able to deal with guarded semirings like our matrices.

So, the questions to the Isabelle-community would be, whether 

• someone has already done work on non-linear polynomials using guarded 
semirings? 

• one should try to generalize the existing classes like semiring and the existing 
polynomial library from the distribution to work with guards? 

• one should develop an independent formalization of non-linear polynomials 
including guards? 

• we overlooked something, and there is a possibility to use matrices of arbitrary dimension in combination with code-extraction and the existing library on polynomials?